SEI Conducts Emerging Technology Domains Risk Survey

June 24, 2015 • Article

June 24, 2015—Tasked by the Department of Homeland Security (DHS) to study emerging, systemic vulnerabilities, an SEI team comprising Christopher King of the CERT Coordination Center (CERT/CC) and Jonathan Chu and Andrew Mellinger of the SEI Emerging Technology Center researched emerging technology trends through 2024. The team identified emerging technology areas with potential harmful impact and then considered how these impacts might manifest themselves if broadly adopted. The result of this work is the Emerging Technology Domains Risk Survey, which will be updated each year to include new domains, to reassess the cybersecurity impact of each domain, and to adjust the adoption timeline as needed.

“Beginning with a list of over 1,700 different technologies, we focused on similarities between technologies and categorized them into technology domains,” said King. “Of those domains, we developed a methodology for triaging the importance of each domain based off of the size of the market, the expected growth, the potential for human harm, and other categories.”

For the inaugural report, the team identified five domains it believes must be considered high priority for outreach and analysis:

Vehicle Autonomy – self-driving cars and trucks

Smart Sensors – networked sensors considered part of the “internet of things”

“Every domain is nuanced,” said Chu. “Some domains may require further study earlier in the development lifecycle. Different approaches to improving security should be taken depending on the specific nature of each domain.”

The report includes a specific approach recommended by the CERT/CC for improving security in each domain.

“Our goal is to help identify the specific technology areas that are likely to be transformative and ubiquitous in the near future, and attach some measure of cybersecurity risk to them,” said King. “With that knowledge, we hope to start addressing cybersecurity problems now, before it’s too late to change. We’ve already shared this information with our sponsors at DHS and with other federal agencies like the Department of Transportation, which is using it to start the conversation about how they can improve the security of these domains.”